How to bind OSX 10.4 Server to AD for client authentication...

I must start out by saying that I am a relative newbe to the Apple world, and while i have a basic knowledge of AD and how it works pelase do not omit any small details or assume that i will know what you are talking about!

Okay, I am a System Administrator at a medium-sized high-school (we have around 200 student workstations (PCs) and another 100 staff laptops (mix of Apple and IBM). The school has just purchased a shiny new Xserve, 12 MacPro's, and 40 MacBooks.

The idea is that we would like the users to be able to log-on to any of the Macs with their AD username and password. The catch is that for those students doing a subject such as Art or Media, they need to have a home directory on the Xserve. So if a student does not have a home directory on the Xserve, they just log on and use the computer, saving ot their NT home directory, whereas an art student comes along, puts in their own account and are presented with their home folder on their desktop.

I need somebody to walkthrough binding the Xserve to the AD server and then setting up authentication that way... i'm not sure if all of the clients need to be bound to the AD server as well... i would prefer if they didnt, but if that's what has to happen, so be it.

The logic i invisige is this: (excuse my crude diagram)

[AD Server]-------[Xserve]-------([Mac Clients])
|
|
([PC Clients])

It would be great if i could just set up a user group in AD for those students who need a specific Xserve Home directory, but this could also just as easily be done on the Xserve itself.

Sorry if I am not making any sense, please ask any questions that you need to clarify anything.

Sorry I have been traveling and busy with development efforts.
Apple has all the directions you will need to accomplish this in thier support area of the website here:
http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c7od47.html

You can setup accounts on the XServe separate from the AD domain - using the Workgroup manager on the XServe. But yes you still have to bind all the Macs to AD if you want the AD accounts to have access to those computers.

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Yes you have to bind the XServe server to active directory and then you have full access to active directory as well as the XServer features /blogs /jabber etc... but if you want people to be able to log in apart from the Active Directory you can also bind them only to the Open Directory from the XServer - so you can have the best of both worlds. I have my entire Active Directory structure bound to my XServer so all my domain users have immediate access to blogs and jabber - but I can also add external accounts for my consultants using the Open directory structure on the XServe. But you have to Bind the Xserve to the Active Directory Domain first.

I am sorry - I meant to say no - The XServe picks up the AD accounts dynamically - so you have the best of both worlds - Active Directory access for AD accounts as well as custom Open Directory accounts.

Featured Post

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

This article will cover some tips for successfully installing the new update to OS X; 10.5.7. Although the information contained within could be used for any OS X point release. Please note that this information applies to point releases to a parti…

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…

Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…